... then this might save you some time: The easiest way is to setup one vhost for HTTP and another for HTTPS in apache. Terminate and handle the TLS/SSl connection in the apache HTTPS vhost as you seem to be doing now The two vhost should forward (Proxy pass) request to two distinct Tomcat connectors.
Add secure and scheme attribute to the tomcat connector definitions. Depending on your setup you might find useful to also set the proxyName and proxyPort attributes of the tomcat connectors, they set the public dnsname and port for your services and will be use to build full redirect URLs. Luca Luca ----- Original Message ----- > From: "Ben Titmarsh" <ben.titma...@hotmail.co.uk> > To: "Tapestry users" <users@tapestry.apache.org> > Sent: Wednesday, February 18, 2015 7:53:29 PM > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > I think you could be correct Luca. My tomcat is fronted by apache which has > the following rules: > > ProxyPass / http://localhost:8080/ retry=0 > ProxyPassReverse / http://localhost:8080/ > ProxyPreserveHost on > > I'm not particularly hot on Apache but I suspect that something here is > modifying Tapestry's https redirect to an http one, which in turn causes > Tapestry to attempt the redirect back in the other direction causing the > loop. > > Now reading a bit more about this stuff! > > > Date: Wed, 18 Feb 2015 19:07:50 +0100 > > From: lu...@dbmsrl.com > > To: users@tapestry.apache.org > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > Hi, > > couldn't it be related to the servlet container config? > > > > As far as I remember tapestry uses information provided by the servlet > > container [1] to determinate if a given request is happening over a secure > > connection or not. > > So you might want to double check your container config. > > Assuming you're using Tomcat see [2] (secure and scheme parameter) > > > > Moreover the redirect loop you're experiencing make me think you're running > > behind an http server... > > Are you're handling the S in httpd? In this case you obviously need two > > tomcat (or whatever) endpoints (one secure=true the other secure=false), > > as the container hasn't access to the original (un)secured connection so > > it can't provide the this info to Tapestry. > > > > Luca > > > > > > > > > > [1] > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getScheme() > > and > > > > https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#isSecure() > > [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > > ----- Original Message ----- > > > From: "Ben Titmarsh" <ben.titma...@hotmail.co.uk> > > > To: "Tapestry users" <users@tapestry.apache.org> > > > Sent: Wednesday, February 18, 2015 6:45:18 PM > > > Subject: RE: Weird behaviour generating URLs for HTTPS pages > > > > > > That's right and if I don't add > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); then all links > > > to > > > @Secure pages are generated with port 80 too. Not sure why that is.. > > > > > > > Date: Wed, 18 Feb 2015 12:40:51 -0500 > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > From: gchrist...@cardaddy.com > > > > To: users@tapestry.apache.org > > > > > > > > My bad Ben, I was thinking this was something related to > > > > Tapestry-Security > > > > when I seen your login url example. > > > > > > > > So your saying your capable of accessing the pages directly with > > > > https:// > > > > without the use of @Secure, but with @Secure it puts you in an infinite > > > > loop while trying to access the page? > > > > > > > > On Wed, Feb 18, 2015 at 11:56 AM, Ben Titmarsh > > > > <ben.titma...@hotmail.co.uk> > > > > wrote: > > > > > > > > > Hi George, > > > > > > > > > > I don't have that property set to anything. My login page is just > > > > > called > > > > > "login" though! This problem is also happening on other pages that I > > > > > have > > > > > marked as secure, for example "register". > > > > > > > > > > Links aside I can't even hit those pages without getting caught in a > > > > > redirect loop, but I can happily hit any other page over https that > > > > > does > > > > > not have the @Secure annotation. I've been looking around trying to > > > > > find > > > > > a > > > > > filter or something in the Tapestry source that uses this @Secure > > > > > annotation but can't seem to find it. I'm on Tapestry 5.3.7 for what > > > > > that's worth. > > > > > > > > > > Thanks, > > > > > Ben. > > > > > > > > > > > Date: Wed, 18 Feb 2015 11:47:16 -0500 > > > > > > Subject: Re: Weird behaviour generating URLs for HTTPS pages > > > > > > From: gchrist...@cardaddy.com > > > > > > To: users@tapestry.apache.org > > > > > > > > > > > > Hi Ben, what is your LOGIN_URL set too? Your not trying to secure > > > > > > the > > > > > same > > > > > > page your LOGIN_URL is set to right? > > > > > > > > > > > > Example > > > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/login"); > > > > > > > > > > > > On Wed, Feb 18, 2015 at 11:20 AM, Ben Titmarsh < > > > > > ben.titma...@hotmail.co.uk> > > > > > > wrote: > > > > > > > > > > > > > Hey Guys, > > > > > > > > > > > > > > I've just got my web server set up for SSL and it's working, but > > > > > > > am > > > > > > > experiencing some odd behaviour from Tapestry. I've added the > > > > > > > @Secure > > > > > > > annotation to one of my pages but by default the link is > > > > > > > generated > > > > > thus: > > > > > > > > > > > > > > https://[DOMAIN]:80/login > > > > > > > > > > > > > > I tried adding: > > > > > > > > > > > > > > configuration.add(SymbolConstants.HOSTPORT_SECURE, "443"); > > > > > > > > > > > > > > The link is now generated correctly like this (without a port): > > > > > > > > > > > > > > https://[DOMAIN]/login > > > > > > > > > > > > > > However when I hit that link, it gets caught in an infinite 302 > > > > > redirect > > > > > > > loop. > > > > > > > > > > > > > > I can quite happily hit any page without the @Secure annotation > > > > > > > over > > > > > https > > > > > > > and it loads fine. > > > > > > > > > > > > > > Any pointers? > > > > > > > > > > > > > > Thanks, > > > > > > > Ben. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > George Christman > > > > > > CEO > > > > > > www.CarDaddy.com > > > > > > P.O. Box 735 > > > > > > Johnstown, New York > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > George Christman > > > > CEO > > > > www.CarDaddy.com > > > > P.O. Box 735 > > > > Johnstown, New York > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
